{% if lb_kube_apiserver_healthcheck_port is defined %}
admin:
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 127.0.0.1
      port_value: {{ lb_envoy_admin_address_port }}
{% endif %}
static_resources:
  listeners:
  - name: lb_kube_apiserver
    address:
      socket_address:
        address: {% if inventory_hostname in groups['lb'] %}0.0.0.0{% else %}127.0.0.1{% endif %}

        port_value: {{ lb_kube_apiserver_port }}
    filter_chains:
    - filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: ingress_tcp
          cluster: kube_apiserver
          access_log:
            - name: envoy.file_access_log
              config:
                path: "/dev/stdout"
{% if enabel_ingress_nodeport_lb | bool %}
  - name: ingress_http
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 80
    filter_chains:
    - filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: ingress_tcp
          cluster: ingress_http
          access_log:
            - name: envoy.file_access_log
              config:
                path: "/dev/stdout"
{% endif %}
{% if enabel_ingress_nodeport_lb | bool %}
  - name: ingress_https
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 443
    filter_chains:
    - filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: ingress_tcp
          cluster: ingress_https
          access_log:
            - name: envoy.file_access_log
              config:
                path: "/dev/stdout"
{% endif %}
{% if lb_kube_apiserver_healthcheck_port is defined %}
  - name: healthz
    address:
      socket_address:
        address: 127.0.0.1
        port_value: {{ lb_kube_apiserver_healthcheck_port }}
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          access_log:
          - name: envoy.file_access_log
            config:
              path: "/dev/null"
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/healthz"
                route:
                  prefix_rewrite: /
                  cluster: admin
          http_filters:
          - name: envoy.router
{% endif %}
  clusters:
{% if lb_kube_apiserver_healthcheck_port is defined %}
  - name: admin
    connect_timeout: 0.5s
    type: strict_dns
    lb_policy: LEAST_REQUEST
    hosts:
    - socket_address: 
        address: 127.0.0.1
        port_value: {{ lb_envoy_admin_address_port }}
{% endif %}
  - name: kube_apiserver
    connect_timeout: 0.5s
    type: strict_dns
    lb_policy: LEAST_REQUEST
    hosts:
{% for host in (groups['kube-master'] + groups['new-master']) %}
    - socket_address:
        address: {% if hostvars[host]['ansible_host'] is defined %}{{ hostvars[host]['ansible_host'] }}{% else %}{{ host }}{% endif %}

        port_value: 6443
{% endfor %}
